### Example Helm Command for NTH

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Use this Helm command to upgrade or install the aws-node-termination-handler with specific configurations for SQS termination draining and heartbeat intervals.

```sh
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSqsTerminationDraining=true \
  --set heartbeatInterval=1000 \
  --set heartbeatUntil=4500 \
  // other inputs..
```

--------------------------------

### Install NTH via kubectl (Queue Processor Mode)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Installs NTH in Queue Processor mode using kubectl. This involves downloading the manifest, editing the QUEUE_URL, and then applying the manifest.

```bash
curl -L https://github.com/aws/aws-node-termination-handler/releases/download/v1.25.6/all-resources-queue-processor.yaml -o all-resources-queue-processor.yaml
# Edit the file to set QUEUE_URL environment variable
kubectl apply -f ./all-resources-queue-processor.yaml
```

--------------------------------

### Install AWS Node Termination Handler (Zero Config)

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Installs the AWS Node Termination Handler with default configurations. Replace CHART_VERSION with the desired version.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Install NTH via kubectl (IMDS Mode)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Applies the NTH resources directly using kubectl manifests for IMDS mode installation.

```bash
kubectl apply -f https://github.com/aws/aws-node-termination-handler/releases/download/v1.25.6/all-resources.yaml
```

--------------------------------

### Install AEMM using Helm

Source: https://github.com/aws/aws-node-termination-handler/blob/main/docs/aemm_interruption_testing.md

Installs the Amazon EC2 Metadata Mock (AEMM) using Helm. Ensure you download the correct release tarball.

```bash
helm install amazon-ec2-metadata-mock amazon-ec2-metadata-mock-1.6.0.tgz \
  --namespace default
```

--------------------------------

### Install NTH via Helm (Queue Processor Mode)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Installs the AWS Node Termination Handler in Queue Processor mode, which uses SQS for event handling. Requires specifying the SQS queue URL.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSqsTerminationDraining=true \
  --set queueURL=https://sqs.us-east-1.amazonaws.com/123456789012/MyK8sTermQueue \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version 0.27.6
```

--------------------------------

### Install NTH via Helm (with Features)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Installs the AWS Node Termination Handler with specific features enabled, such as Spot Instance draining, rebalance monitoring, scheduled event draining, and ASG lifecycle draining.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSpotInterruptionDraining="true" \
  --set enableRebalanceMonitoring="true" \
  --set enableScheduledEventDraining="true" \
  --set enableASGLifecycleDraining="true" \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version 0.27.6
```

--------------------------------

### Install NTH via Helm (IMDS Mode)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Installs the AWS Node Termination Handler in IMDS mode using the official Helm chart.
This mode requires no additional AWS infrastructure setup.

```bash
aws ecr-public get-login-password \
  --region us-east-1 | helm registry login \
  --username AWS \
  --password-stdin public.ecr.aws

helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version 0.27.6
```

--------------------------------

### Install AWS Node Termination Handler with Minimal Configuration

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Install the AWS Node Termination Handler using Helm with minimal configuration, enabling SQS termination draining and specifying the SQS queue URL. Replace CHART_VERSION with the desired version.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSqsTerminationDraining=true \
  --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Install with Slack Webhook URL

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Install the Helm chart for the AWS Node Termination Handler and configure it to send notifications to a Slack webhook URL. Ensure you replace the placeholder with your actual Slack webhook URL.

```bash
# Install with Slack webhook
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set webhookURL=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version 0.27.6
```

--------------------------------

### Install AWS Node Termination Handler Helm Chart

Source: https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/README.md

Install the AWS Node Termination Handler Helm chart with default configuration. Ensure you replace `$CHART_VERSION` with the desired chart version.

```shell
helm upgrade --install --namespace kube-system aws-node-termination-handler oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Install AWS Node Termination Handler with Webhook Configuration

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Install the AWS Node Termination Handler using Helm, enabling SQS termination draining and configuring a direct webhook URL for notifications. Replace CHART_VERSION with the desired version.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSqsTerminationDraining=true \
  --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
  --set webhookURL=https://hooks.slack.com/services/YOUR/SLACK/URL \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### AWS Infrastructure Setup (CloudFormation)

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Deploys the required SQS queue and EventBridge rules for Queue Processor mode. Ensure the IAM role used by the ASG has permissions to send messages to the SQS queue.

```yaml
# cfn-template.yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  Queue:
    Type: 'AWS::SQS::Queue'
    Properties:
      MessageRetentionPeriod: 300
      SqsManagedSseEnabled: true
  QueuePolicy:
    Type: 'AWS::SQS::QueuePolicy'
    Properties:
      Queues:
        - !Ref Queue
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
                - sqs.amazonaws.com
            Action: 'sqs:SendMessage'
            Resource: !GetAtt Queue.Arn
  ASGTermRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source: [aws.autoscaling]
        detail-type: [EC2 Instance-terminate Lifecycle Action]
      Targets:
        - Id: 1
          Arn: !GetAtt Queue.Arn
  SpotTermRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source: [aws.ec2]
        detail-type: [EC2 Spot Instance Interruption Warning]
      Targets:
        - Id: 1
          Arn: !GetAtt Queue.Arn
  RebalanceRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source: [aws.ec2]
        detail-type: [EC2 Instance Rebalance Recommendation]
      Targets:
        - Id: 1
          Arn: !GetAtt Queue.Arn
  InstanceStateChangeRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source: [aws.ec2]
        detail-type: [EC2 Instance State-change Notification]
      Targets:
        - Id: 1
          Arn: !GetAtt Queue.Arn
  ScheduledChangeRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source: [aws.health]
        detail-type: [AWS Health Event]
        detail:
          service: [EC2]
          eventTypeCategory: [scheduledChange]
      Targets:
        - Id: 1
          Arn: !GetAtt Queue.Arn
Outputs:
  QueueURL:
    Description: Queue URL for AWS NTH controller
    Value: !Ref Queue
```

--------------------------------

### Install AEMM with Specific Spot Interruption Time

Source: https://github.com/aws/aws-node-termination-handler/blob/main/docs/aemm_interruption_testing.md

Use this Helm command to install AEMM and configure it to simulate a single spot interruption event at a precise time. This helps in testing the AWS Node Termination Handler's response to specific interruption scenarios.

```bash
helm install amazon-ec2-metadata-mock amazon-ec2-metadata-mock-1.6.0.tgz \
  --set aemm.spot.time="2020-09-09T22:40:47Z" \
  --namespace default
```

--------------------------------

### Helm Configuration for Queue Processor Mode

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Example `values.yaml` for configuring NTH in Queue Processor mode. Includes SQS URL, AWS region, worker configuration, and tag-based filtering.

```yaml
enableSqsTerminationDraining: true
queueURL: "https://sqs.us-east-1.amazonaws.com/123456789012/MyK8sTermQueue"
awsRegion: "us-east-1"

# Worker configuration
workers: 10 # Parallel event processors
replicas: 1 # NTH deployment replicas

# Tag-based filtering
checkTagBeforeDraining: true
managedTag: "aws-node-termination-handler/managed"

# Use Kubernetes ProviderID instead of AWS PrivateDnsHostname
useProviderId: false
```

--------------------------------

### Install AWS Node Termination Handler using Webhook Secret

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Install the AWS Node Termination Handler using Helm, enabling SQS termination draining and referencing a Kubernetes secret for the webhook URL. Replace CHART_VERSION with the desired version.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSqsTerminationDraining=true \
  --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
  --set webhookURLSecretName=webhooksecret \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Helm Configuration for IMDS Mode

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Example `values.yaml` for configuring NTH in IMDS mode. Covers image settings, logging, draining behavior, event monitoring, observability, and webhook notifications.

```yaml
image:
  repository: public.ecr.aws/aws-ec2/aws-node-termination-handler
  tag: "v1.25.6"
  pullPolicy: IfNotPresent

# Logging configuration
logLevel: info # Options: info, debug, error
jsonLogging: false # Enable JSON-formatted logs

# Draining behavior
dryRun: false # Only log actions without executing
cordonOnly: false # Cordon without draining
taintNode: false # Add taint on interruption
deleteLocalData: true # Delete emptyDir volumes
ignoreDaemonSets: true # Skip DaemonSet pods during drain
podTerminationGracePeriod: -1 # Use pod's own grace period if negative
nodeTerminationGracePeriod: 120 # Seconds to wait for node drain

# IMDS mode event monitoring
enableSpotInterruptionDraining: true
enableScheduledEventDraining: true
enableASGLifecycleDraining: true
enableRebalanceMonitoring: false
enableRebalanceDraining: false

# Observability
enablePrometheusServer: false
prometheusServerPort: 9092
emitKubernetesEvents: false

# Webhook notifications
webhookURL: ""
webhookHeaders: '{"Content-type":"application/json"}'
webhookTemplate: '{"text":"[NTH] EventID: {{ .EventID }} - Kind: {{ .Kind }} - Instance: {{ .InstanceID }} - Node: {{ .NodeName }}"}'
```

--------------------------------

### Authenticate Helm Client with ECR Public

Source: https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/README.md

Authenticate your Helm client to pull images from the ECR Public registry. This is a prerequisite for installing the chart.

```shell
aws ecr-public get-login-password \
  --region us-east-1 | helm registry login \
  --username AWS \
  --password-stdin public.ecr.aws
```

--------------------------------

### Configure Webhook URL for Notifications

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Sets a direct webhook URL for sending notifications, for example, to Slack. Replace the placeholder URL with your actual webhook URL.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set webhookURL=https://hooks.slack.com/services/YOUR/SLACK/URL \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Prometheus Scrape Config for aws-node-termination-handler

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Example scrape configuration for Prometheus to collect metrics from the aws-node-termination-handler. This is typically used in Queue mode when not using a ServiceMonitor.

```yaml
# charts/prometheus/values.yaml
# See: https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml
extraScrapeConfigs: |
  - job_name: 'aws-node-termination-handler'
    static_configs:
      - targets:
          - 'aws-node-termination-handler.kube-system.svc.cluster.local:9092'
```

--------------------------------

### Configure Webhook URL using Kubernetes Secret

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Installs the AWS Node Termination Handler and configures it to use a webhook URL stored in a Kubernetes secret named 'webhooksecret'.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set webhookURLSecretName=webhooksecret \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Enable Spot Interruption Draining and Rebalance Monitoring

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Installs the AWS Node Termination Handler with specific features enabled, such as Spot interruption draining and Rebalance monitoring. Set enableScheduledEventDraining to "false" to disable it.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set enableSpotInterruptionDraining="true" \
  --set enableRebalanceMonitoring="true" \
  --set enableScheduledEventDraining="false" \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Authenticate Helm Client with ECR Public Gallery

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Authenticates your Helm client to log in to the AWS ECR Public Gallery to pull container images. Ensure you have the AWS CLI installed and configured.

```bash
aws ecr-public get-login-password \
  --region us-east-1 | helm registry login \
  --username AWS \
  --password-stdin public.ecr.aws
```

--------------------------------

### Download and Apply All Resources

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Download the all-resources-queue-processor.yaml file and apply it to your cluster after updating the QUEUE_URL. This is a minimal configuration for the queue processor.

```bash
curl -L https://github.com/aws/aws-node-termination-handler/releases/download/v1.25.6/all-resources-queue-processor.yaml -o all-resources-queue-processor.yaml
kubectl apply -f ./all-resources-queue-processor.yaml
```

--------------------------------

### Create and Use Docker Buildx Builder

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Creates and sets a Docker Buildx builder instance for multi-platform builds.

```bash
docker buildx create --use
```

--------------------------------

### Apply Kustomize Overlay with Spot Node Selector

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Applies a Kustomize overlay that includes a node selector for running the daemonset specifically on spot instances.

```bash
kubectl apply -k $REPO_ROOT/config/overlays/spot-node-selector
```

--------------------------------

### Push Multi-Arch Image using manifest-tool

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Pushes the multi-architecture Docker image using the manifest-tool based on the provided YAML specification.

```bash
manifest-tool push from-spec manifest.yaml
```

--------------------------------

### Build Docker Image with Go Module Proxy Set to Direct

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds the Docker image, setting the GOPROXY build argument to 'direct' to bypass module proxies.

```bash
docker buildx build --load --build-arg=GOPROXY=direct -t ${USER}/aws-node-termination-handler:v1.0.0 .
```

--------------------------------

### Build Windows Docker Image

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds the Docker image for the Windows operating system.

```bash
make build-docker-images-windows
```

--------------------------------

### Build Docker Image for arm64

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds and loads a Docker image for the arm64 architecture with a specified tag.

```bash
docker buildx build --load --platform "linux/arm64" -t ${USER}/aws-node-termination-handler-arm64:v1.0.0 .
```

--------------------------------

### Build Docker Images for All Linux Architectures

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds Docker images for all supported Linux architectures (linux/amd64 and linux/arm64).

```bash
make build-docker-images
```

--------------------------------

### Uninstall AWS Node Termination Handler Helm Chart

Source: https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/README.md

Uninstall the AWS Node Termination Handler Helm chart from the `kube-system` namespace.
This command removes the chart installation.

```shell
helm uninstall --namespace kube-system aws-node-termination-handler
```

--------------------------------

### Clone the Repository

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Use this command to clone the project repository from GitHub.

```bash
git clone https://github.com/aws/aws-node-termination-handler.git
```

--------------------------------

### Build Docker Image for amd64

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds and loads a Docker image for the amd64 architecture with a specified tag.

```bash
docker buildx build --load --platform "linux/amd64" -t ${USER}/aws-node-termination-handler-amd64:v1.0.0 .
```

--------------------------------

### Get All AWS Node Termination Handler Events

Source: https://github.com/aws/aws-node-termination-handler/blob/main/docs/kubernetes_events.md

Use this command to retrieve all Kubernetes events generated by the AWS Node Termination Handler. This is useful for monitoring general node termination activity.

```bash
kubectl get events --field-selector "source=aws-node-termination-handler"
```

--------------------------------

### Build Docker Image (amd64)

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds the latest version of the Docker image for linux/amd64 architecture.

```bash
make docker-build
```

--------------------------------

### Run Local E2E Tests

Source: https://github.com/aws/aws-node-termination-handler/blob/main/test/README.md

Use this make target to create and run end-to-end tests on a local kind cluster. The cluster configuration is defined in `test/k8s-local-cluster-test/kind-three-node-cluster.yaml`.

```bash
make e2e-test
```

--------------------------------

### Apply Base Kustomize Configuration

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Applies the base Kustomize configuration directly to the Kubernetes cluster.

```bash
kubectl apply -k $REPO_ROOT/config/base
```

--------------------------------

### Reinstall AWS Node Termination Handler Helm Chart

Source: https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/README.md

Reinstall the AWS Node Termination Handler Helm chart on an EKS cluster where it is already installed. Use `--recreate-pods` and `--force` for a clean reinstallation. Ensure you replace `$CHART_VERSION`.

```shell
helm upgrade --install --namespace kube-system aws-node-termination-handler oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION --recreate-pods --force
```

--------------------------------

### CLI Configuration Options for NTH

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Run the AWS Node Termination Handler using command-line flags to control its behavior. These flags allow fine-grained control over various aspects of the handler's operation.

```bash
# Command-line flags
# NODE_NAME, POD_NAME and NAMESPACE must be set in the environment
./node-termination-handler \
  --node-name="${NODE_NAME}" \
  --pod-name="${POD_NAME}" \
  --pod-namespace="${NAMESPACE}" \
  --enable-spot-interruption-draining=true \
  --enable-scheduled-event-draining=true \
  --enable-rebalance-monitoring=true \
  --enable-rebalance-draining=false \
  --node-termination-grace-period=120 \
  --pod-termination-grace-period=-1 \
  --delete-local-data=true \
  --ignore-daemon-sets=true \
  --cordon-only=false \
  --taint-node=false \
  --dry-run=false \
  --json-logging=true \
  --log-level=info \
  --enable-prometheus-server=true \
  --prometheus-server-port=9092 \
  --emit-kubernetes-events=true
```

--------------------------------

### Build Docker Image with Custom Go Module Proxy

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Builds the Docker image, configuring the GOPROXY build argument to use a specified corporate proxy.

```bash
docker buildx build --load --build-arg=GOPROXY=go-proxy.mycorp.com -t ${USER}/aws-node-termination-handler:v1.0.0 .
```

--------------------------------

### Run EKS Cluster Test Driver with Configuration

Source: https://github.com/aws/aws-node-termination-handler/blob/main/test/README.md

To test on an existing EKS cluster or use a custom ECR repository for Docker images, invoke the `eks-cluster-test` driver script directly. Pass a `CONFIG` file as a parameter to specify these custom settings.

```bash
./test/eks-cluster-test/run-test
```

--------------------------------

### Create Manifest YAML for Multi-Arch Image

Source: https://github.com/aws/aws-node-termination-handler/blob/main/BUILD.md

Defines the multi-architecture image configuration in a YAML file for manifest-tool.

```bash
# Write the manifest-tool spec to manifest.yaml
cat << EOF > manifest.yaml
image: ${USER}/aws-node-termination-handler:v1.0.0
manifests:
  - image: ${USER}/aws-node-termination-handler-amd64:v1.0.0
    platform:
      architecture: amd64
      os: linux
  - image: ${USER}/aws-node-termination-handler-arm64:v1.0.0
    platform:
      architecture: arm64
      os: linux
EOF
```

--------------------------------

### Kiam Agent Whitelist Argument

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Alternatively, pass the whitelist configuration as an argument to the kiam agents when hostNetworking is set to false.

```bash
kiam agent --whitelist-route-regexp='^\/latest\/meta-data\/(spot\/instance-action|events\/maintenance\/scheduled|instance-(id|type)|public-(hostname|ipv4)|local-(hostname|ipv4)|placement\/availability-zone)|\/latest\/dynamic\/instance-identity\/document$'
```

--------------------------------

### Configure Kiam Whitelist for NTH

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Configure Kiam's Helm chart values or agent arguments to whitelist specific instance metadata endpoints. This is required for IMDS mode without host networking.

```yaml
agent:
  whiteListRouteRegexp: '^\/latest\/meta-data\/(spot\/instance-action|events\/maintenance\/scheduled|events\/recommendations\/rebalance|autoscaling\/target-lifecycle-state|instance-(id|type)|public-(hostname|ipv4)|local-(hostname|ipv4)|placement\/availability-zone)|\/latest\/dynamic\/instance-identity\/document$'
```

```bash
kiam agent --whitelist-route-regexp='^\/latest\/meta-data\/(spot\/instance-action|events\/maintenance\/scheduled|events\/recommendations\/rebalance|autoscaling\/target-lifecycle-state|instance-(id|type)|public-(hostname|ipv4)|local-(hostname|ipv4)|placement\/availability-zone)|\/latest\/dynamic\/instance-identity\/document$'
```

--------------------------------

### Create EventBridge Rule for Instance Rebalance

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Configure an EventBridge rule to receive notifications for EC2 instance rebalance recommendations.

```bash
aws events put-rule \
  --name MyK8sRebalanceRule \
  --event-pattern "{\"source\": [\"aws.ec2\"],\"detail-type\": [\"EC2 Instance Rebalance Recommendation\"]}"
```

```bash
aws events put-targets --rule MyK8sRebalanceRule \
  --targets "Id"=\"1\",\"Arn\"=\"arn:aws:sqs:us-east-1:123456789012:MyK8sTermQueue\"
```

--------------------------------

### Configure ASG Termination Lifecycle Hooks

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Sets up ASG termination lifecycle hooks for graceful node draining. The `notification-target-arn` and `role-arn` are required when sending directly to SQS.

```bash
# Create termination lifecycle hook with EventBridge
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=k8s-termination-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_TERMINATING \
  --default-result=CONTINUE \
  --heartbeat-timeout=300
```

```bash
# Alternative: Send directly to SQS (requires IAM role)
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=k8s-termination-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_TERMINATING \
  --default-result=CONTINUE \
  --heartbeat-timeout=300 \
  --notification-target-arn arn:aws:sqs:us-east-1:123456789012:MyK8sTermQueue \
  --role-arn arn:aws:iam::123456789012:role/ASGLifecycleHookRole
```

```bash
# Optional: Launch lifecycle hook for node readiness
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=k8s-launch-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_LAUNCHING \
  --default-result=ABANDON \
  --heartbeat-timeout=300
```

--------------------------------

### Run EKS Cluster E2E Tests

Source: https://github.com/aws/aws-node-termination-handler/blob/main/test/README.md

Use this make target to create and run end-to-end tests on an EKS cluster. This target must be used for testing Windows nodes. The cluster specification is in `test/eks-cluster-test/cluster-spec.yaml`.

```bash
make eks-cluster-test
```

--------------------------------

### Tag EC2 Instances for NTH Management

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Tags EC2 instances to enable NTH management with `checkTagBeforeDraining`. Tagging the ASG is recommended for propagation to all instances.

```bash
# Tag ASG to propagate to all instances (recommended)
aws autoscaling create-or-update-tags \
  --tags ResourceId=my-k8s-asg,ResourceType=auto-scaling-group,Key=aws-node-termination-handler/managed,Value=,PropagateAtLaunch=true
```

```bash
# Tag individual EC2 instance
aws ec2 create-tags \
  --resources i-1234567890abcdef0 \
  --tags 'Key="aws-node-termination-handler/managed",Value='
```

```bash
# Verify instance tags
aws ec2 describe-instances \
  --instance-ids i-1234567890abcdef0 \
  --query 'Reservations[].Instances[].Tags[?Key==`aws-node-termination-handler/managed`]'
```

--------------------------------

### Run Local Cluster Test Driver with Preservation

Source: https://github.com/aws/aws-node-termination-handler/blob/main/test/README.md

Invoke the local cluster test driver script directly to pass parameters. Use the `-p` flag to preserve the created cluster after the tests complete, allowing for further inspection. The `-b` flag specifies the test suite, and `-d` enables debugging.

```bash
./test/k8s-local-cluster-test/run-test -b e2e-test -d -p
```

--------------------------------

### Configure ASG Lifecycle Hook for Instance Launch

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Set up an Auto Scaling Group lifecycle hook to send instance launch notifications. This hook can be configured to send notifications via EventBridge.

```bash
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=my-k8s-launch-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_LAUNCHING \
  --default-result="ABANDON" \
  --heartbeat-timeout=300
```

--------------------------------

### Create EventBridge Rule for Spot Interruptions

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

This command sets up an EventBridge rule to detect and act upon EC2 Spot Instance interruption warnings.

```bash
aws events put-rule \
  --name MyK8sSpotTermRule \
  --event-pattern "{\"source\": [\"aws.ec2\"],\"detail-type\": [\"EC2 Spot Instance Interruption Warning\"]}"
```

```bash
aws events put-targets --rule MyK8sSpotTermRule \
  --targets "Id"=\"1\",\"Arn\"=\"arn:aws:sqs:us-east-1:123456789012:MyK8sTermQueue\"
```

--------------------------------

### Run Termination Handler on Specific Nodes (Spot Instances)

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Configures the AWS Node Termination Handler to run only on nodes with the label lifecycle=spot. This is useful for targeting specific instance types.

```bash
helm upgrade --install aws-node-termination-handler \
  --namespace kube-system \
  --set nodeSelector.lifecycle=spot \
  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
```

--------------------------------

### Create ASG Termination Lifecycle Hook (Direct to SQS)

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Creates a termination lifecycle hook for an existing Auto Scaling Group, sending events directly to an SQS queue. Requires the SQS queue ARN and an IAM role ARN for SQS access.

```bash
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=my-k8s-term-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_TERMINATING \
  --default-result=CONTINUE \
  --heartbeat-timeout=300 \
  --notification-target-arn \
  --role-arn
```

--------------------------------

### Configure Node Termination Handler Environment Variables

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Set these environment variables to configure the node termination handler. This is an alternative to using CLI flags for SQS queue processing.

```bash
export ENABLE_SQS_TERMINATION_DRAINING=true
export QUEUE_URL=https://sqs.us-east-1.amazonaws.com/123456789012/MyK8sTermQueue
export AWS_REGION=us-east-1
export WORKERS=10
export CHECK_TAG_BEFORE_DRAINING=true
export MANAGED_TAG=aws-node-termination-handler/managed
export USE_PROVIDER_ID=false
export DELETE_SQS_MSG_IF_NODE_NOT_FOUND=false
export HEARTBEAT_INTERVAL=1000
export HEARTBEAT_UNTIL=4500
```

--------------------------------

### Configure Node Termination Handler CLI Flags

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Use these CLI flags to configure the node termination handler for SQS queue processing. Ensure the AWS region and queue URL are correctly set.

```bash
# NODE_NAME must be set in the environment
./node-termination-handler \
  --node-name="${NODE_NAME}" \
  --enable-sqs-termination-draining=true \
  --queue-url=https://sqs.us-east-1.amazonaws.com/123456789012/MyK8sTermQueue \
  --aws-region=us-east-1 \
  --workers=10 \
  --check-tag-before-draining=true \
  --managed-tag=aws-node-termination-handler/managed \
  --use-provider-id=false \
  --delete-sqs-msg-if-node-not-found=false \
  --heartbeat-interval=1000 \
  --heartbeat-until=4500
```

--------------------------------

### Create EventBridge Rule for ASG Termination

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Use this command to create an EventBridge rule that captures EC2 instance termination lifecycle actions from Auto Scaling Groups.
```bash
aws events put-rule \
  --name MyK8sASGTermRule \
  --event-pattern "{\"source\":[\"aws.autoscaling\"],\"detail-type\":[\"EC2 Instance-terminate Lifecycle Action\"]}"
```

```bash
aws events put-targets --rule MyK8sASGTermRule \
  --targets "Id"="1","Arn"="arn:aws:sqs:us-east-1:123456789012:MyK8sTermQueue"
```

--------------------------------

### Create Kubernetes Secret for Webhook URL

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Creates a Kubernetes secret in the 'kube-system' namespace to store the webhook URL securely. This is an alternative to passing the URL directly.

```bash
WEBHOOKURL_LITERAL="webhookurl=https://hooks.slack.com/services/YOUR/SLACK/URL"
kubectl create secret -n kube-system generic webhooksecret --from-literal="$WEBHOOKURL_LITERAL"
```

--------------------------------

### Kiam Helm Chart Whitelist Configuration

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Configure Kiam's Helm chart to whitelist the specific metadata endpoints required by the termination handler when it runs in IMDS mode with hostNetworking: false.

```yaml
agent.whiteListRouteRegexp: '^\/latest\/meta-data\/(spot\/instance-action|events\/maintenance\/scheduled|instance-(id|type)|public-(hostname|ipv4)|local-(hostname|ipv4)|placement\/availability-zone)|\/latest\/dynamic\/instance-identity\/document$'
```

--------------------------------

### Environment Variables for NTH Configuration

Source: https://context7.com/aws/aws-node-termination-handler/llms.txt

Configure the AWS Node Termination Handler using environment variables as an alternative to command-line flags. This is useful for setting default values or when running in environments where environment variables are preferred.

```bash
# Environment variables (alternative to CLI flags)
export NODE_NAME=ip-10-0-1-100.ec2.internal
export DRY_RUN=false
export DELETE_LOCAL_DATA=true
export IGNORE_DAEMON_SETS=true
export NODE_TERMINATION_GRACE_PERIOD=120
export ENABLE_SPOT_INTERRUPTION_DRAINING=true
export ENABLE_SCHEDULED_EVENT_DRAINING=true
export ENABLE_REBALANCE_MONITORING=true
export JSON_LOGGING=true
export LOG_LEVEL=info
export ENABLE_PROMETHEUS_SERVER=true
export PROMETHEUS_SERVER_PORT=9092
```

--------------------------------

### Tag Individual EC2 Instance for Management

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Tags an individual EC2 instance to ensure it is managed by the aws-node-termination-handler. This is useful for specific instance control.

```bash
aws ec2 create-tags \
  --resources i-1234567890abcdef0 \
  --tags 'Key="aws-node-termination-handler/managed",Value='
```

--------------------------------

### Create EventBridge Rule for Instance State Changes

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

This rule monitors EC2 instance state changes and sends notifications to the specified SQS queue.

```bash
aws events put-rule \
  --name MyK8sInstanceStateChangeRule \
  --event-pattern "{\"source\": [\"aws.ec2\"],\"detail-type\": [\"EC2 Instance State-change Notification\"]}"
```

```bash
aws events put-targets --rule MyK8sInstanceStateChangeRule \
  --targets "Id"="1","Arn"="arn:aws:sqs:us-east-1:123456789012:MyK8sTermQueue"
```

--------------------------------

### Configure ASG Lifecycle Hook with SQS Notification Target

Source: https://github.com/aws/aws-node-termination-handler/blob/main/README.md

Configure an Auto Scaling Group lifecycle hook to send instance launch notifications directly to an SQS queue. This requires specifying the target queue ARN and an IAM role ARN for SQS access.

```bash
# SQS_QUEUE_ARN and SQS_ACCESS_ROLE_ARN are placeholder variables:
# set them to the target queue ARN and the IAM role ARN for SQS access.
aws autoscaling put-lifecycle-hook \
  --lifecycle-hook-name=my-k8s-launch-hook \
  --auto-scaling-group-name=my-k8s-asg \
  --lifecycle-transition=autoscaling:EC2_INSTANCE_LAUNCHING \
  --default-result="ABANDON" \
  --heartbeat-timeout=300 \
  --notification-target-arn "$SQS_QUEUE_ARN" \
  --role-arn "$SQS_ACCESS_ROLE_ARN"
```

--------------------------------

### Node Termination Handler Configuration Options

Source: https://github.com/aws/aws-node-termination-handler/blob/main/config/helm/aws-node-termination-handler/README.md

This section outlines the configurable parameters for the AWS Node Termination Handler, including settings for DNS, node selection, affinity, tolerations, and probe server.

````APIDOC
## Node Termination Handler Configuration

### Description
Configuration options for the AWS Node Termination Handler, allowing customization of DNS settings, node selection, affinity, tolerations, and probe server behavior.

### Parameters
#### Request Body Parameters
- **dnsPolicy** (string) - Optional - If specified, this overrides `linuxDnsPolicy` and `windowsDnsPolicy` with a single policy.
- **dnsConfig** (object) - Optional - If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config.
- **linuxDnsPolicy** (string) - Optional - DNS policy for the Linux DaemonSet.
- **windowsDnsPolicy** (string) - Optional - DNS policy for the Windows DaemonSet.
- **daemonsetNodeSelector** (object) - Optional - Expressions to select a node by its labels for DaemonSet pod assignment. For backwards compatibility the `nodeSelector` value has priority over this but shouldn't be used.
- **linuxNodeSelector** (object) - Optional - Override `daemonsetNodeSelector` for the Linux DaemonSet.
- **windowsNodeSelector** (object) - Optional - Override `daemonsetNodeSelector` for the Windows DaemonSet.
- **daemonsetAffinity** (object) - Optional - Affinity settings for DaemonSet pod assignment. For backwards compatibility the `affinity` has priority over this but shouldn't be used.
- **linuxAffinity** (object) - Optional - Override `daemonsetAffinity` for the Linux DaemonSet.
- **windowsAffinity** (object) - Optional - Override `daemonsetAffinity` for the Windows DaemonSet.
- **daemonsetTolerations** (array) - Optional - Tolerations for DaemonSet pod assignment. For backwards compatibility the `tolerations` has priority over this but shouldn't be used.
- **linuxTolerations** (array) - Optional - Override `daemonsetTolerations` for the Linux DaemonSet.
- **windowsTolerations** (array) - Optional - Override `daemonsetTolerations` for the Windows DaemonSet.
- **enableProbesServer** (boolean) - Optional - If `true`, start an HTTP server exposing the `/healthz` endpoint for probes. Defaults to `false`.
- **metadataTries** (integer) - Optional - The number of times to try requesting metadata. Defaults to `3`.

### Request Example
```json
{
  "dnsPolicy": "",
  "dnsConfig": {},
  "linuxDnsPolicy": "",
  "windowsDnsPolicy": "",
  "daemonsetNodeSelector": {},
  "linuxNodeSelector": {},
  "windowsNodeSelector": {},
  "daemonsetAffinity": {},
  "linuxAffinity": {},
  "windowsAffinity": {},
  "daemonsetTolerations": [],
  "linuxTolerations": [],
  "windowsTolerations": [],
  "enableProbesServer": false,
  "metadataTries": 3
}
```

### Response
#### Success Response (200)
- **status** (string) - Indicates the success of the operation.

#### Response Example
```json
{
  "status": "Configuration updated successfully"
}
```
````
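--------------------------------

A check of the Kiam whitelist pattern shown earlier on this page, added here as an example and not taken from the NTH or Kiam projects. It assumes the pattern is applied as an unanchored search (as Go's `regexp.MatchString` behaves); `STRICT_PATTERN`, the helper names and all sample paths are constructed for this example.

```python
import re

# Pattern copied from the Kiam whitelist snippet on this page.
PAGE_PATTERN = (
    r'^\/latest\/meta-data\/(spot\/instance-action|events\/maintenance\/scheduled'
    r'|instance-(id|type)|public-(hostname|ipv4)|local-(hostname|ipv4)'
    r'|placement\/availability-zone)|\/latest\/dynamic\/instance-identity\/document$'
)
# Hypothetical tightened variant (not from the README): one outer group so that
# ^ and $ apply to both branches of the top-level alternation.
STRICT_PATTERN = '^(?:' + PAGE_PATTERN[1:-1] + ')$'

# Constructed sample paths (not captured traffic).
NEEDED = [
    '/latest/meta-data/spot/instance-action',
    '/latest/meta-data/events/maintenance/scheduled',
    '/latest/meta-data/instance-id',
    '/latest/meta-data/placement/availability-zone',
    '/latest/dynamic/instance-identity/document',
]
MUST_DENY = [
    '/latest/meta-data/iam/security-credentials/',
    '/latest/user-data',
]
EDGE_CASES = [
    '/latest/meta-data/instance-id/extra',                 # extra trailing segment
    '/prefix/latest/dynamic/instance-identity/document',   # extra leading segment
]

def allowed(pattern, path):
    """Unanchored search; assumed to mirror how the proxy applies the pattern."""
    return re.search(pattern, path) is not None

def audit(pattern):
    """Map every sample path to True (proxied) or False (blocked)."""
    return {p: allowed(pattern, p) for p in NEEDED + MUST_DENY + EDGE_CASES}

if __name__ == '__main__':
    for name, pat in (('page', PAGE_PATTERN), ('strict', STRICT_PATTERN)):
        print(name)
        for path, ok in audit(pat).items():
            print(f"  {'ALLOW' if ok else 'DENY '}  {path}")
```

In the page's pattern `^` binds only to the meta-data branch and `$` only to the instance-identity branch, which is why the two edge-case paths pass. Confirm any tightened pattern against the handler's real requests before deploying it.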